Extracted

• • Target

    2aa7c7b048a8f6309e245775046bd05d66a823b3a1a911d9bf93817cb91b3fb2.exe

  • Size

    1.7MB

  • MD5

    e1c0394f65e9cb401f5140cee31b07b5

  • SHA1

    6bfb3bb1d779fef57f257fc9d50c63f59cc0f3a4

  • SHA256

    2aa7c7b048a8f6309e245775046bd05d66a823b3a1a911d9bf93817cb91b3fb2

  • SHA512

    e981dabace3d60d8fdd6a46c973f220747671a8f46f16ee8f865be1474128ef6429e85300feb0c0f07e43b42b5ba85d84d3c1d9cb2cc2a10ed1bec38d11d4685

  • SSDEEP

    49152:XUE7mfsDKYpCbEYtTXEhbsoUroz5Yn0h3CAI3UXN:XU2ocKYY9oo9ro9+WCrk

  Score

  10^/10

  stealcsavediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2